Please help me understand why the right answer is the right one?

kabooter Member Posts: 115
A seemingly simple question:
A security policy which will remain relevant and meaningful over time
includes the following:
A. Directive words such as shall, must, or will, technical specifications and
is short in length
B. Defined policy development process, short in length and contains
directive words such as shall, must or will
C. Short in length, technical specifications and contains directive words
such as shall, must or will
D. Directive words such as shall, must, or will, defined policy development
process and is short in length

I chose B but the answer is something else. Can anyone please explain what the difference is between B and D?

Comments

  • lucky0977 Member Posts: 218
    This question looks like something from Transcender, which makes their questions harder than the actual exam. The only thing I can see is the key word "contains" in question B. Question D doesn't have the word "contains", which indicates that directive words such as shall, must or will are mandatory.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • kabooter Member Posts: 115
    lucky0977 wrote: »
    This question looks like something from Transcender, which makes their questions harder than the actual exam. The only thing I can see is the key word "contains" in question B. Question D doesn't have the word "contains", which indicates that directive words such as shall, must or will are mandatory.
    Holy mother of Jesus!
    For the life of me I could not notice the "contains" difference between B and D. In any case both pretty much mean the same thing. This is what I find very discouraging. If these are the kind of questions they are going to put up in the test, then god save the queen!
    PS It's from Chap 1 of the Official ISC2 Book.
  • lucky0977 Member Posts: 218
    Well to be honest, if you read a lot of threads where people have passed, you'll notice that they mention that you should read the questions and answers carefully and multiple times. When I took mine, I read the question the 1st time and was like WTF is this? Then after re-reading again a 2nd or 3rd time, you could understand more and find keywords that hint at the correct answer.

    This is a test like no other (50% reading comprehension & 50% actual security related) and a test I hope I never have to take again.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • OctalDump Member Posts: 1,722
    It's just another bad question. There isn't a real semantic difference between those two options; both require that the security policy contains/includes directive words.

    The annoying thing is that there doesn't appear to be a reference to directive words elsewhere in the CBK (or official study guide). But maybe I'm not looking hard enough.

    I'd say don't worry about whether the answer is B or D, and just know the content. A and C are the same thing as well, and the only difference really between all four is "technical specifications" vs "policy development process".

    Others have commented that the book content is better than its practice questions. It certainly wouldn't be the first book where the answers are wrong, or the questions bad...

    EDIT

    I've found a clearer statement of what Security Policies should have in the 3rd edition of the Guide to the CBK - page 495. But can't find the corresponding detail in the 4th edition...

    The 3rd edition contains this exact same question, though... maybe they copied questions but not the content that the question is meant to test
    2017 Goals - Something Cisco, Something Linux, Agile PM